Security & Compliance, honestly documented.
AscendCore is built for the security team first. Approval-first architecture, per-org credential isolation, and an honest roadmap for the controls we're still building.
Live system status, uptime SLA, and incident response posture → ascendcore.ai/status
Procurement-grade overview + pre-filled questionnaires (SIG-Lite, CAIQ, VSA, CISO Top-50) → ascendcore.ai/security/overview
Why every automation is approval-gated, end to end → ascendcore.ai/approval-first
Security is architecture, not a checkbox.
Every design decision in AscendCore starts with a threat model. Here's what that looks like in production right now.
Approval-First Architecture
Every automation requires explicit human approval before execution: no autonomous actions, no "AI just decided" surprises. The human-in-the-loop (HITL) gate is the brand promise. It is enforced server-side, and demo-role users are blocked from triggering real actions.
Per-Org Credential Isolation
Integration secrets (Slack tokens, Okta API keys, Entra client secrets, M365 credentials) are scoped per organization, managed via Doppler, and synced to runtime via the Doppler ↔ Netlify integration. Each org's credentials only resolve for that org's traffic.
Verified Webhook Integrity
Inbound Slack requests are verified against the HMAC-SHA256 signing secret using a timing-safe comparison. Inbound Teams activities are verified by checking the JWT signature against the Microsoft Bot Framework's public JWKS. Spoofed requests are rejected at the edge.
Encryption in Transit & at Rest
TLS 1.3 in transit (Netlify edge). AES-256 at rest for all stored data (Cloudflare R2 for files, Netlify Blobs for state). No plaintext secrets on disk or in logs.
Role-Based Access Control
Owner / Demo / Guest roles with server-side enforcement on every dashboard mutation route. Demo-role users cannot trigger real Okta / Entra / M365 actions; this is verified in code (commit 2411594).
Tamper-Evident Audit Chain
Every approval, denial, and execution is recorded with timestamp, actor identity, target resource, and outcome, then appended to a SHA-256 hash chain backed by Postgres. Each record is linked to the prior record's hash, so a single altered row breaks chain verification. Customers can export the full chain via CSV and re-run our verification routine independently as cryptographic proof against later tampering.
Where we are. Where we're going.
The full picture of AscendCore security posture: what's shipped, what's in active engineering, and what's on the longer-horizon roadmap.
Today
- Human-in-the-loop approval on every automation
- Per-org credential isolation via Doppler
- Slack HMAC-SHA256 + Teams JWT verification
- TLS 1.3 in transit · AES-256 at rest
- Server-side RBAC (owner / demo / guest)
- Per-IP rate limiting on all public endpoints
- Per-API-key rate limiting with plan-tier graduated capacity (60 / 600 / 6000 req/min)
- Idempotent action handling (no double-execution under retry)
- Tamper-evident SHA-256 hash-chain audit log: every approve/deny across Slack, Teams, and dashboard appended to a verifiable chain
- Postgres-backed audit store (Neon, US East 2) with chain verification + CSV export for customer-side proof
- 13 production runbooks across Slack, Teams, and dashboard
- Customer REST API v1 (bearer-token auth, scoped permissions, OpenAPI 3.1 spec at /api-docs)
- HMAC-SHA256 outbound webhooks (Stripe-style signing, replay-window protected)
- OIDC SSO for admin login (Microsoft Entra + Okta supported)
- MFA enforcement via mandatory SSO: admin access brokered through customer's IdP, which enforces MFA + conditional access
- Natural-language intent classifier (Anthropic Haiku) with strict JSON output
- GDPR-aware Data Processing Agreement
- US data residency (Netlify US region · Neon US East 2)
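The per-API-key, plan-tier rate limiting in the list above, as an added example written for this page and not AscendCore's code: a token bucket per API key that refills at the tier's per-minute capacity, returning the remaining quota and a retry-after value the API can surface in response headers. The tier names and the API-key lookup table are assumptions; the 60 / 600 / 6000 requests-per-minute capacities are the figures stated on the page.

```javascript
// Added example, not AscendCore's code: per-API-key token-bucket rate limiting
// with plan-tier capacities. Tier names are assumptions; capacities are from the page.
const PLAN_CAPACITY_PER_MINUTE = { starter: 60, team: 600, enterprise: 6000 };
const WINDOW_MS = 60_000;

class TokenBucketLimiter {
  constructor() {
    this.buckets = new Map(); // key -> { tokens, updatedMs }
  }

  // key: the API key (or a hash of it); capacity: tokens per minute for its plan.
  // nowMs is injected so the behaviour is deterministic and testable.
  check(key, capacity, nowMs) {
    let bucket = this.buckets.get(key);
    if (!bucket) {
      bucket = { tokens: capacity, updatedMs: nowMs };
      this.buckets.set(key, bucket);
    }
    // Refill proportionally to elapsed time, capped at the plan capacity.
    const elapsed = Math.max(0, nowMs - bucket.updatedMs);
    bucket.tokens = Math.min(capacity, bucket.tokens + (elapsed * capacity) / WINDOW_MS);
    bucket.updatedMs = nowMs;
    if (bucket.tokens >= 1) {
      bucket.tokens -= 1;
      return { allowed: true, remaining: Math.floor(bucket.tokens) };
    }
    // Time until one whole token is available again.
    const retryAfterMs = Math.ceil(((1 - bucket.tokens) * WINDOW_MS) / capacity);
    return { allowed: false, remaining: 0, retryAfterMs };
  }
}

// Constructed API key -> plan lookup; a real service resolves this from its key store.
const API_KEYS = { ak_starter_demo: 'starter', ak_enterprise_demo: 'enterprise' };

function checkApiRequest(limiter, apiKey, nowMs) {
  const plan = API_KEYS[apiKey];
  if (!plan) return { allowed: false, reason: 'unknown_key' };
  return limiter.check(apiKey, PLAN_CAPACITY_PER_MINUTE[plan], nowMs);
}

function rateLimitDemo() {
  const limiter = new TokenBucketLimiter();
  // A burst of 100 calls at t=0 from a 60 req/min key: 60 pass, the rest are shed.
  let allowedInBurst = 0;
  for (let i = 0; i < 100; i++) {
    if (checkApiRequest(limiter, 'ak_starter_demo', 0).allowed) allowedInBurst++;
  }
  const denied = checkApiRequest(limiter, 'ak_starter_demo', 0);
  const afterOneSecond = checkApiRequest(limiter, 'ak_starter_demo', 1000);
  // A different key is a different bucket, so another tenant's burst does not affect it.
  const enterpriseUnaffected = checkApiRequest(limiter, 'ak_enterprise_demo', 0);
  return { allowedInBurst, denied, afterOneSecond, enterpriseUnaffected };
}

console.log(JSON.stringify(rateLimitDemo(), null, 2));
```

Keying on the API key rather than the client IP is what makes the limit a property of the plan: one tenant exhausting its quota returns `429` with the computed retry-after to that tenant only. In a multi-instance deployment the bucket state would live in a shared store rather than an in-process `Map`.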
Active engineering
- SOC-2 Type I (Planned): Vanta enrollment planned (begins once budgeted); ~90-day audit window, then certification.
- Multi-tenant per-customer isolation (Q3 2026): Phase 1 (org schema + Blobs-backed CRUD) and Phase 2 (resolvers wired into Slack/Teams/Okta/Entra handlers) shipped. Phase 3 (per-tenant Teams JWT audience enforcement) is enterprise-only and ships when the first BYOB customer signs.
- Independent penetration test (Q3 2026): Commissioning a third-party assessment ahead of first enterprise customer deployments. Reports will be available under NDA for active procurement conversations.
- Customer-managed billing portal (Stripe) (Q3 2026): Stripe billing infrastructure (customer + subscription mirror, webhook receiver, plan-tier enforcement) is live in production. The customer-facing self-serve portal flow (checkout sessions, plan upgrades, customer portal links) ships next.
Committed direction
- Per-tenant customer SSO (each customer's IdP signs in their employees) (Q4 2026): Admin SSO (Microsoft Entra + Okta) for AscendCore admin login is already live. This roadmap item extends to per-tenant customer-employee SSO, where each customer's own IdP authenticates their own users. This requires a per-org user model + multi-tenant session shape.
- Customer-managed encryption keys (BYOK) (H1 2027): Bring-your-own-KMS for application-level data encryption.
- BYO-LLM routing (Bedrock / Azure OpenAI) (Q4 2026): Today: Anthropic enterprise API direct. Roadmap: pluggable inference for customers requiring data residency in their own AWS / Azure account.
- Single-tenant deployment option (2027): Dedicated infrastructure deployment (own Netlify site or BYOC) for customers requiring full physical isolation.
- SOC-2 Type II (H2 2027): After Type I + observation period.
- ISO 27001 (2027): Post-SOC-2 alignment with international procurement requirements.
- HIPAA-aligned deployment (Demand-driven): BAA template ready; full HIPAA controls activated when first healthcare design partner signs.
We publish this roadmap to make our trust posture verifiable. Items move from In Progress to Live via dated commits and changelog entries. If you're evaluating us against an enterprise checklist, ask security@ascendcore.ai for the latest status against any specific control.
Sub-processors
The third-party services that may process customer data while delivering AscendCore. Updated whenever we add or remove a vendor; see the timestamp at the top of this page.
| Vendor | Purpose | Region | Terms |
|---|---|---|---|
| Anthropic | LLM inference (intent classification) | US | No training on API data per Anthropic terms |
| Slack Technologies | Bot framework + slash commands | US | Standard Slack DPA |
| Microsoft (Bot FW, Graph, Entra) | Teams bot, Microsoft 365 / Entra automations | US/EU | Microsoft DPA + EU SCCs |
| Cloudflare R2 | Object storage at rest (AES-256) | US | Cloudflare DPA |
| Netlify | Application hosting + edge functions + Blobs | US | Netlify DPA |
| Neon | Postgres database for tamper-evident audit chain | US | Neon DPA · US East 2 region |
| Doppler | Secret management with auditable secret access | US | Doppler DPA |
| Resend | Transactional email (notifications) | US | Resend DPA |
| PostHog | Product analytics (anonymized after consent) | US/EU | PostHog DPA · cookie-consent gated |
| Vanta | Compliance automation (after enrollment) | US | Vanta DPA · enrollment planned (begins once budgeted) |
Questions we get from security teams.
Honest answers, including for the things we're still building.
Want to verify any specific control?
We'll do a technical review call, walk through architecture in detail, share our internal audit findings under NDA, or answer specific items on your enterprise security questionnaire.
Ready to Reclaim 200+ Hours a Month?
Join forward-thinking IT teams piloting AscendCore in private beta. Onboarding takes days, not months, with human-in-the-loop approval on every action.
No credit card required. 30-day pilot. Cancel anytime.
